GitLab Advanced SAST rules: C#
- Tier: Ultimate
- Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated
Rules used by GitLab Advanced SAST to detect vulnerabilities in C# code.
| Rule ID | Rule description | CWE | OWASP Top 10 |
|---|---|---|---|
| csharp-dapper-sqli-taint | Improper neutralization of special elements used in an SQL command (‘SQL Injection’) | CWE-89 | A1:2017, A03:2021 |
| csharp-lang-cmdi-os-command-injection-taint | Improper neutralization of special elements used in an OS command (‘OS Command Injection’) | CWE-78 | A1:2017, A03:2021 |
| csharp-lang-cmdi-process-start-taint | Improper neutralization of special elements used in an OS command (‘OS Command Injection’) | CWE-78 | A1:2017, A03:2021 |
| csharp-lang-codei-taint | Improper control of generation of code (‘Code Injection’) | CWE-94 | A1:2017, A03:2021 |
| csharp-lang-crypto-certificate-validation-disabled-atomic | Certificate validation disabled | CWE-295 | A2:2017, A07:2021 |
| csharp-lang-crypto-weak-cipher-alg-atomic | Use of a broken or risky cryptographic algorithm | CWE-327 | A3:2017, A02:2021 |
| csharp-lang-crypto-weak-cipher-mode-atomic | Use of a broken or risky cryptographic algorithm | CWE-327 | A3:2017, A02:2021 |
| csharp-lang-crypto-weak-hashing-function-atomic | Use of a broken or risky cryptographic algorithm (SHA1/MD5) | CWE-327 | A3:2017, A02:2021 |
| csharp-lang-crypto-weak-rng-atomic | Use of cryptographically weak Pseudo-Random Number Generator (PRNG) | CWE-338 | A3:2017, A02:2021 |
| csharp-lang-csrf-input-no-validate-antiforgery-token-atomic | Potential Cross-Site Request Forgery (CSRF) | CWE-352 | A5:2017, A01:2021 |
| csharp-lang-deserialization-binaryformatter-taint | Deserialization of potentially untrusted data | CWE-502 | A8:2017, A08:2021 |
| csharp-lang-deserialization-soapformatter-taint | Deserialization of potentially untrusted data | CWE-502 | A8:2017, A08:2021 |
| csharp-lang-deserialization-taint | Deserialization of potentially untrusted data | CWE-502 | A8:2017, A08:2021 |
| csharp-lang-ldapi-taint | Improper neutralization of special elements used in an LDAP query (‘LDAP Injection’) | CWE-90 | A1:2017, A03:2021 |
| csharp-lang-misconfiguration-cookie-httponly-atomic | Sensitive cookie without ‘HttpOnly’ flag | CWE-1004 | A6:2017, A05:2021 |
| csharp-lang-misconfiguration-cookie-secure-atomic | Sensitive cookie in HTTPS session without ‘Secure’ attribute | CWE-614 | A6:2017, A05:2021 |
| csharp-lang-misconfiguration-input-validation-atomic | ASP.NET input validation disabled | CWE-554 | A6:2017, A05:2021 |
| csharp-lang-misconfiguration-password-complexity-atomic | Weak password requirements | CWE-521 | A2:2017, A07:2021 |
| csharp-lang-openredirect-taint | URL redirection to untrusted site ‘open redirect’ | CWE-601 | A1:2017, A03:2021 |
| csharp-lang-pathtraversal-aspnetcore-taint | Improper limitation of a pathname to a restricted directory (‘Path Traversal’) | CWE-22 | A5:2017, A01:2021 |
| csharp-lang-pathtraversal-fileproviders-low-taint | Improper limitation of a pathname to a restricted directory (‘Path Traversal’) | CWE-22 | A5:2017, A01:2021 |
| csharp-lang-pathtraversal-fileproviders-taint | Improper limitation of a pathname to a restricted directory (‘Path Traversal’) | CWE-22 | A5:2017, A01:2021 |
| csharp-lang-pathtraversal-reflection-taint | Use of externally-controlled input to select classes or code (‘Unsafe Reflection’) | CWE-470 | A01:2017, A03:2021 |
| csharp-lang-pathtraversal-systemio-low-taint | Improper limitation of a pathname to a restricted directory (‘Path Traversal’) | CWE-22 | A5:2017, A01:2021 |
| csharp-lang-pathtraversal-systemio-medium-taint | Improper limitation of a pathname to a restricted directory (‘Path Traversal’) | CWE-22 | A5:2017, A01:2021 |
| csharp-lang-pathtraversal-systemio-taint | Improper limitation of a pathname to a restricted directory (‘Path Traversal’) | CWE-22 | A5:2017, A01:2021 |
| csharp-lang-pathtraversal-systemiocompression-taint | Improper limitation of a pathname to a restricted directory (‘Path Traversal’) | CWE-22 | A5:2017, A01:2021 |
| csharp-lang-pathtraversal-systemnet-taint | Improper limitation of a pathname to a restricted directory (‘Path Traversal’) | CWE-22 | A5:2017, A01:2021 |
| csharp-lang-pathtraversal-systemweb-taint | Improper limitation of a pathname to a restricted directory (‘Path Traversal’) | CWE-22 | A5:2017, A01:2021 |
| csharp-lang-pathtraversal-systemxml-taint | Improper limitation of a pathname to a restricted directory (‘Path Traversal’) | CWE-22 | A5:2017, A01:2021 |
| csharp-lang-sqli-injection-taint | Improper neutralization of special elements used in an SQL command (‘SQL Injection’) | CWE-89 | A1:2017, A03:2021 |
| csharp-lang-sqli-mysqlconnector-taint | Improper neutralization of special elements used in an SQL command (‘SQL Injection’) | CWE-89 | A1:2017, A03:2021 |
| csharp-lang-sqli-sql-command-taint | Improper neutralization of special elements used in an SQL command (‘SQL Injection’) | CWE-89 | A1:2017, A03:2021 |
| csharp-lang-ssrf-http-client-taint | Server Side Request Forgery (SSRF) | CWE-918 | A1:2017, A10:2021 |
| csharp-lang-ssrf-rest-client-taint | Server Side Request Forgery (SSRF) | CWE-918 | A1:2017, A10:2021 |
| csharp-lang-ssrf-web-client-taint | Server Side Request Forgery (SSRF) | CWE-918 | A1:2017, A10:2021 |
| csharp-lang-ssrf-web-request-taint | Server Side Request Forgery (SSRF) | CWE-918 | A1:2017, A10:2021 |
| csharp-lang-xpathi-xml-query-taint | Improper neutralization of data within XPath expressions (‘XPath Injection’) | CWE-643 | A1:2017, A03:2021 |
| csharp-lang-xss-html-elements-taint | Improper neutralization of input during web page generation (‘Cross-site Scripting’) | CWE-79 | A1:2017, A03:2021 |
| csharp-lang-xss-scriptxss-taint | Improper neutralization of input during web page generation (‘Cross-site Scripting’) | CWE-79 | A7:2017, A03:2021 |
| csharp-lang-xxe-externalxmlentities-taint | Improper restriction of XML external entity reference (‘XXE’) | CWE-611 | A1:2017, A03:2021 |
| csharp-lang-xxe-unsafe-xslt-setting-used-atomic | Improper restriction of XML external entity reference | CWE-611 | A4:2017, A05:2021 |
| csharp-lang-xxe-xmldocument-taint | Improper restriction of XML external entity reference (‘XXE’) | CWE-611 | A1:2017, A03:2021 |
| csharp-lang-xxe-xmlreadersettings-taint | Improper restriction of XML external entity reference (‘XXE’) | CWE-611 | A1:2017, A03:2021 |
| csharp-newtonsoft-deserialization-json-taint | Deserialization of potentially untrusted data | CWE-502 | A8:2017, A08:2021 |
| csharp-razor-ssti-razlorlight-filebased-taint | Improper neutralization of special elements used in a template engine | CWE-1336 | A1:2017, A03:2021 |
| csharp-razor-ssti-razlorlight-taint | Improper neutralization of special elements used in a template engine | CWE-1336 | A1:2017, A03:2021 |
| csharp-razor-ssti-taint | Improper neutralization of special elements used in a template engine | CWE-1336 | A1:2017, A03:2021 |